WServerNews: Beware of ghosts!

In this issue:

Editor’s Corner – Ghost assets, GDPR compliance, partnering with Microsoft, Internet security. Windows and Linux news. PowerShell tutorials and Linux how-to’s. IT Bookshelf: The Security Hippie. Mainframes never die. Movie transcripts. Free sheet music. Plus lots more — read it all, read it here on WServerNews!

Ghost assets can be a serious problem for organizations. Are there any ghosts hanging around your server room? Photo by Anya Batalova on Unsplash

Got questions? Ask our readers!

WServerNews goes out each week to almost 200,000 IT pro subscribers worldwide! That’s a lot of expertise to tap into. Do you need help with some technical problem or are looking for expert advice on something IT-related? You can Ask Our Readers for help by emailing us your problem or question. Do it today!

Help spread the news!

Please tell all your colleagues and friends about WServerNews and its companion newsletter FitITproNews, and let them know that they can subscribe to these and other TechGenix newsletters for free by going here. Thanks!!

Hey, why are we all here? Is there a concert? A demonstration? No, these people are looking for how they can subscribe to WServerNews and they’ll only know how if you tell them! Photo by Owen Cannon on Unsplash

Editor’s Corner

Welcome to this week’s issue of WServerNews!

Recently I came across an intriguing article in BetaNews that talks about how “ghost assets” can cause problems for IT departments of organizations seeking to comply with GDPR. According to Comparesoft, a UK-based company that provides AI-driven search assistant technology for comparing B2B software solutions, a ghost asset is “an asset that cannot be physically accounted for yet appears on a business’s stock sheet” which can “appear when either an asset has been lost, stolen, destroyed, or misplaced and has not yet been removed from an asset register.” Ghost assets tend to arise because of poor IT asset management practices, such as keeping track of hardware, software and data storage resources manually in a spreadsheet. And with GDPR hanging over us like the Sword of Damocles, the combination of poor IT asset management together with increasing shadow IT due to the pandemic and rushed moves into remote work can result in big financial penalties for non-compliant organizations.

This might be as good a time as any then to review the asset management solution your organization uses to keep track of what assets you have, where they’re located and how they’re being used. While the media buzz over GDPR has pretty much died down now that it’s been almost four years since GDPR came into effect, the reality is that many organizations have been fined under GDPR and more are still being fined for failure to comply with these regulations. In an age where data privacy is becoming one of the top concerns of both individuals and businesses, the burden of compliance is only going to increase for companies as new regulations come into existence in different quarters. C-suite leaders, and especially IT managers, need to get serious about implementing automated solutions for IT asset tracking and data privacy compliance verification.

So give it some thought this week and we’ll try to keep you informed here in our newsletter of significant changes in the compliance landscape. For example, if you’re an internet service provider (ISP) or partner closely with one, here’s a press release from the US Federal Trade Commission (FTC) from a few months back which you may have missed but should pay attention to.

Before we move on to what’s been happening in the IT world this week, here are a couple of other interesting things to look at. Redmond Channel Partner has an article that takes Microsoft to the woodshed over how they’re making life harder and harder for their longtime network of partner organizations selling Microsoft solutions. I know a number of Microsoft partners working in our area and the general feeling I get from them is that they’re long past the point of feeling “loyal” to Microsoft as a company interested in helping them prosper with their businesses. As someone who was himself a Microsoft Most Valuable Professional (MVP) for twelve years, the situation with the channel partner program reminds me of how Microsoft changed their stance years ago from rewarding MVPs with recognition (and goodies) as valuable volunteers to trying to use us as marketing tools for hawking Microsoft kool-aid. But I guess it’s inevitable that big fish end up trying to eat all the little fish instead of finding ways to coexist with them in ecological harmony and balance. In the end, it’s every fish for himself, right?

Another interesting news item we covered several issues ago was how Russia was planning on setting up its own trusted root CA to enable Russian websites to renew their TLS certificates whose renewal was being impeded by Western sanctions. This got me started digging around to refresh my understanding of how the digital certificate technologies worked, and I stumbled across this disturbing article by Geoff Huston on the APNIC blog that throws cold water on the whole idea of certificates providing a safe and reliable way of securing whatever we do on the Internet, like shopping, banking, etc. The more I examine closely the architecture and operation of today’s global Internet, the more I’m tempted to keep my money stashed under my mattress instead of accessing it with online banking. Are you worried about security on the Internet? Let me know if you have any thoughts worth sharing on this topic.

And finally, if you find so much interesting stuff to read in our weekly newsletter that you never get right down to the end, try starting to read from the bottom of our newsletter where you’ll find our new section called And Finally, the place where Your Editors get to rant, vent and ramble on incessantly as we share the odd, the stupid and the remarkable things we come across in our journey across the online galaxy. And if you find something yourself that you feel might fit well within this new section, send us a link and we’ll put on our Humor Hats and evaluate whether it passes the Good Grief test for including it in our newsletter.

Till next week.

—Mitch

This Week in IT

A compendium of recent IT industry news compiled by Your Editors. Feel free to email us if you find a news item you think our newsletter readers might be interested in.

Lots has been happening on the cyberthreat front recently. APC Uninterruptible Power Supply (UPS) solutions are de rigueur for keeping your servers running when a blackout occurs, so it’s critical to make sure these devices are patched to prevent hackers from remotely burning them out (BleepingComputer). CISA and the US DOE have published some guidance on how to mitigate attacks against UPS devices that is worth taking two minutes out of your busy schedule to read.

Another device that’s common at most SMBs is the network attached storage (NAS) appliance, and here also admins need to be alert to the danger facing NAS appliances from QNAP because of the recently discovered OpenSSL bug found in them (ThreatPost).

If your organization buys its client or server systems from Dell then be alert to the possibility of your systems being vulnerable to a newly found firmware exploit. Patches are available for this vulnerability and should be applied—see Tom’s Hardware for details.

Some HP printers have been found to be susceptible to denial of service (DoS) and information disclosure attacks and may even be vulnerable to the threat of remote code execution. HP’s Support site has more information with links to firmware updates for the affected machines.

And over on the Microsoft side of things, there’s a nasty trojan spreading around that’s distributed via Microsoft Excel add-ins. This was discovered by cybersecurity vendor Morphisec and is explained in detail on their blog.

Wait, that’s not all! Do you drive a Honda Civic? If so you might consider trading your car in for a Toyota Corolla once you’ve read this article from The Register.

And there’s even more! The Hacker News reports that several new security vulnerabilities have been discovered in programmable logic controllers (PLCs) from Rockwell. While this might only interest readers who manage IT in industrial environments, it does remind me of Michael Mann’s movie BlackHat which I personally feel is the best “hacking movie” ever made. Watch it on Netflix.

Oh no, and you thought Log4Shell was bad! RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn, says ThreatPost, which continues by saying that “The security bug could crop up, so to speak, in any number of Java applications.”

Well I guess that’s enough cybersecurity news for one week, I’m already feeling kinda numb.

Windows news

Just two bits of interesting news about the Windows platform. A new version of Microsoft PowerToys has been released with various fixes and improvements. You can find out more and get it here on GitHub. And for Windows 11 version 21H2 there’s a known issue that user data in IE11 which was not already imported into Microsoft Edge before upgrading might not be available afterwards (Microsoft Docs). It’s a good reminder that it’s always best practice to read the release notes thoroughly before upgrading to a new version of Windows (or anything else).

Windows Server news

Several fixes and improvements have been announced for Windows Admin Center which you can read about on the Windows Admin Center Blog. And if your organization uses Microsoft System Center then take note that System Center 2022 is now GA (System Center Blog).

Linux news

Linux has not been immune to newly discovered vulnerabilities recently. The Dirty Pipe vulnerability, which has been present in the Linux kernel since version 5.8, enables local users to gain root privileges. Admin Network & Security magazine says it’s “the most severe issue to hit Linux since Dirty Cow reared its ugly head in 2016.” The Dirty Pipe vulnerability has been fixed in Linux 5.16.11, 5.15.25 and 5.10.102, but unfortunately some devices like certain Android phones may not allow for their kernels to be upgraded, so check with your device vendor. If you want to learn more about how this vulnerability works, read this blog post by Max Kellermann.

Upcoming webcasts, events and conferences

Got an event, conference or webcast you want announced in our newsletter? Email us!

Ready for Anything: SaaS Management and Security Solutions Forum – SANS webcast on April 22nd, register here.

HPE Discover Tech Academies – Live in Las Vegas on June 25-30 or virtually on June 13-17 – register today!

Also be sure to check out Redmond Channel Partner’s calendar of upcoming Microsoft conferences for partners, IT pros and developers!

Got comments about anything in this issue?

Email us! We love hearing from our readers!

Meet the Editors!

MITCH TULLOCH is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada that produces books, ebooks, whitepapers, case studies, courseware, documentation, newsletters and articles for various companies.

INGRID TULLOCH is Associate Editor of both WServerNews and FitITproNews. She was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press and collaborated on developing university-level courses in Information Security Management for a Masters of Business Administration (MBA) program. Ingrid also manages Research and Development for the IT content development business she runs together with Mitch.

Subscribe today to WServerNews!

Subscribe today and join almost 200,000 other IT professionals around the world who subscribe to our newsletter! Just go to this page and select WServerNews and you’ll receive it every Monday in your inbox.

IT Workshop – tools, whitepapers and more

Got a product or solution or some other resource you’d like to tell our readers about? Email us!

Our TOOL OF THE WEEK is the new Nexsan Unity NV10000 enterprise-class NVMe All-Flash data storage solution from StorCentric. You can read the press release here.

Version 18 of 3XC digital collaboration software improves reliability, call quality, and adds support for Microsoft Teams, not to mention giving you a free trial for a full year. Read our TechGenix review of this product!

BiznessApps from IgniteTech is the #1 app builder for small businesses, where you can create your own app or become a reseller and build apps for others.

If you’re looking for the security baseline for the latest version of Microsoft Edge you can find it here!

Tips and Tutorials

Some resources if you use PowerShell in your environment:

And here are some Linux how-to’s:

Freebies!!

Got a freebie you want to offer our readers? You can reach almost 200,000 IT pros worldwide with our newsletter—email us!

Download the free ebook Enhance Your IT Security – Expert Guidance to Protect Your Business from Cyber Threats from The Hacker News!

Cyberheist: The Biggest Financial Threat Facing Organization’s Worldwide – free PDF ebook by Stu Sjouwerman, who founded our newsletters way back in September 1997. Be sure to check out the website of KnowBe4, the security awareness training company that Stu now heads up!

IT Bookshelf: The Security Hippie

I very much enjoyed reading The Security Hippie (CRC Press, 2022) though I must confess that I can’t see why the author describes himself as a hippie. Because when I googled the phrase “characteristics of hippies” the top result was a thesis written by a student at a university in Indonesia which is quoted by Google as describing hippies as individuals “having long hair, wearing conspicuous colored clothes, adhering communal living, having free sex, being addicted to drugs, being in doubt about American materialism, commercialism, cultural and political institutions.” And from examining Barak’s photo from the About Us section of his company’s website you can see from his hair that he’s definitely no hippie, and I don’t get the impression from his book either that he subscribes to the other alleged hippie values identified in the thesis. Though in his book Barak does include a photo of himself sporting what he calls a “Jewfro” which probably grew out during his period of working from home due to the pandemic. But any self-styled specialist in the history of Hippie counterculture knows that genuine hippies sported Afros, not Jewfros.

Of course all this nonsense is irrelevant when it comes to the main topic of Barak’s book. Which is basically that information security is more about people than about technology. Which is why he’s filled his book with entertaining and informative personal stories from his years working on the front lines of cybersecurity, first as a CISO at various companies and later as a security consultant and founder of EAmmune, a security management consulting firm with a global roster of clients. Because stories are about the things that happen when people interact, do business and collide.

And boy, are Barak’s stories ever entertaining! And instructive! Take his first chapter “Failing to Fail” for instance, where he recounts how when he was just starting out as an independent security consultant he accidentally emailed malware he was investigating to all of his clients and potential clients of his business! One would imagine that a gaffe like that would spell the immediate end of his efforts to build a business, but being someone with integrity and an honest heart he immediately emailed them all to apologize profusely for what he had just done, tell them it would be entirely reasonable if they never wanted to do business with him again, and ask if they would consider giving him one more chance to prove himself to them. The result was not what he expected—he actually gained several new clients! And the lesson he learned from this experience is something all of us who work in the cybersecurity business—or in any business that provides products or services to customers—need to learn, namely that you can actually win trust by immediately, honestly and openly admitting your screw-ups.

Which brings to focus an important truth about the cybersecurity business: it’s really all about trust. And trust has more to do with people than technology. Barak drives this point home in various ways throughout his book as he shares stories that range across the full gamut of the fields of information security and online privacy. Including also where these fields intersect with the law enforcement community, something that anyone thinking of starting a business that provides information security services to organizations should consider before they take the plunge into the murky waters of entrepreneurship.

CISOs, CIOs, cybersecurity consultants and vendors offering security services to customers can all benefit from reading the candid stories in this book. It’s an easy read and very enjoyable, and I highly recommend it. You can buy the book on Amazon here.

Factoid: Mainframes never die, they just go up into the clouds

Our previous factoid was this:

Fact: Cloud Platforms Say Servers Living Longer, Saving Billions

Source: https://datacenterfrontier.com/sturdier-servers-cloud-platforms-say-servers-living-longer-saving-billions/

Question: What’s the *oldest* PC or server hardware you still have running at work or in your home?

Clint Chaplin who is Senior Principal Standards Engineer at Samsung Research America responded to this one as follows:

I’ve got an AMD 486DX4-100 running DOS 6.20 and Windows for Workgroups 3.11. Used for my financial budgeting program, mostly. The hard disks are external SCSI drives that I can turn on and off to boot into different operating systems, but the DOS/WFW disk is the one I use most often. I use CorelSCSI for the SCSI support. I also maxed out the extended memory.

Wow, sounds like you’re planning on driving that one till the wheels fall off!

Now let’s move on to this week’s factoid:

Fact: IBM Cloud to offer Z-series mainframes for first time – albeit for test and dev

Source: https://www.theregister.com/2022/02/15/ibm_cloud_to_offer_cloudy/

Question: Do any of our readers still have an IBM mainframe running at their organization? Are any of our readers fluent in z/OS administration? We’re curious—share your stories with us!

And Finally

The odd, the stupid and the remarkable. This is where Your Editors get to rant, vent and ramble on incessantly.

Their Bionic Eyes are Now Obsolete and Unsupported (IEEE Spectrum)

https://spectrum.ieee.org/bionic-eye-obsolete

[Forget lobbying for right-to-repair, we should be lobbying that hardware vendors *must* release updates for their software as long as there are any users out there still using their devices!]

Bringing back the woolly mammoth and other extinct creatures may be impossible (Science)

https://www.science.org/content/article/bringing-back-woolly-mammoth-and-other-extinct-creatures-may-be-impossible

[I’m *so* disappointed, I was really looking forward to opening a petting zoo with baby woolly mammoths :(]

Why Werner Herzog thinks human space colonization “will inevitably fail” (Ars Technica)

https://arstechnica.com/gaming/2022/03/ars-talks-to-werner-herzog-about-space-colonization-its-poetry/

[Humanity has already failed in many other ways Werner, sorry to break the news to you.]

MISSION: IMPOSSIBLE – FALLOUT (2018) – FULL TRANSCRIPT (SUBSLIKESCRIPT)

https://subslikescript.com/movie/Mission_Impossible_-_Fallout-4912910

[This website is actually a pretty cool resource if you’re ever looking for an exact quote from a movie to liven up something you’re writing. After all, desperate times call for desperate measures, right? And I wonder if “subtitles” like these can be AI-generated? Let’s see, hmm…yikes! There’s another neat business idea that’s already been thought up. Rats! Back to the drawing board.]

Get free sheet music at 8notes.com

https://www.8notes.com/

[I stumbled across this site recently while looking for some sheet music for the Yamaha digital piano that I bought recently. A long time ago in a galaxy far away I played the piano quite well but years of pounding a keyboard in front of a monitor screen have turned my classically-trained fingers into mush. Anyways, check out this site by David Bruce and consider taking out an annual subscription for only $20 which gives you access to a whole bunch of other sheet music on his site.]

Hey reader! Got an amazing or weird or funny link you’d like to suggest for this section of our newsletter? Email us! But please make sure that it’s G-rated as in “Gee whiz”, “Golly!”, “Good grief!”, “Gaaahh!!” and so on. Thanks!

Please tell others about WServerNews!

We hope you enjoyed this issue of WServerNews! Feel free to send us feedback on any of the topics we’ve covered—we love hearing from our readers! And please tell others about WServerNews! It’s free and always will be free—and they can subscribe to it here. Thanks!!!
